The Mental Militia Forums

Please login or register.

Login with username, password and session length
Pages: [1]   Go Down

Author Topic: Federal Smart ID Cards Come With Disruptions  (Read 1455 times)

NMC_EXP

  • Full Member
  • ***
  • Offline Offline
  • Posts: 188
Federal Smart ID Cards Come With Disruptions
« on: April 07, 2005, 08:26:21 pm »

From National Defense Magazine:

Security Beat

by Joe Pappalardo

Federal Smart ID Cards Come With Disruptions

An effort to strengthen and standardize identification cards will bring headaches to federal agencies, but those in charge of steering the process vow to make it as smooth as possible.

The creation of the ID cards, mandated in August by President George W. Bush via Homeland Security Executive Directive-12, has adhered thus far to its abbreviated timeline, according to Curt Barker, who manages the creation of common requirements for the cards at the National Institute of Standards and Technology.

A process that normally takes two years has been accomplished in six months, he added. The cards will be used by all federal employees and selected contractors. Designed to possess common standards, the IDs will work at the doorways of all federal facilities.

Agencies will be called on to adopt new cards by October. They will be based on standards released in late February. The credentials will feature a microprocessor with identifying data on it, and will employ biometrics to validate that the holders are who they claim to be.
By consolidating purchasing, the government hopes to keep costs down. Each agency must foot the bill for its portion of the work.

Some agencies will be building smart card access control systems from scratch, while others have robust systems in place. It is not clear which organization will have an easier time meeting the standards: agencies building new systems or those asked to reconfigure their existing ones.

The Defense Department built its smart card program years ago, and officials acknowledge this early work paved the way for the government-wide program. “Most of the lessons were learned by the Defense Department,” Spencer said. “There will be pain, but the goal is to manage that pain.”

Mary Dixon, deputy director of the defense manpower data center at the Pentagon, said four million employees in defense agencies, including all services, have cards that nearly match the NIST standards.

“We can’t federate until we trust,” she noted. Still, Dixon said the directive was worth the disruption and cost. “We support the goals of HSPD-12,” she said. “We understand we’ll have to make changes and we’re prepared to do so.”

 
Logged
Come a day there won't be room for naughty men like us to slip about at all...So here is us, on the raggedy edge. Don't push me, and I won't push you.
~ Mal

Roy J. Tellason

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 5996
  • Techy Kinda Guy and Serious Bookaholic
    • Roy J. Tellason's Home Page
Federal Smart ID Cards Come With Disruptions
« Reply #1 on: April 07, 2005, 09:44:11 pm »

Oh,  but the feddies are up to even more fun and games with this stuff...

From the E.P.I.C. newsletter 12.07:

Quote
========================================================================
[4] Spotlight: Homeland Security's Access Card Less Than Secure
========================================================================

President Bush's proposed $2.57 trillion federal budget for Fiscal Year 2006 greatly increases the amount of money spent on surveillance technology and programs while cutting about 150 programs-most of them from the Department of Education. EPIC's "Spotlight  on Surveillance" project scrutinizes these surveillance programs.

This month, EPIC evaluates the Department of Homeland Security's new employee access card and finds significant security risks. The wireless technologies linked to the Department of Homeland Security Access Card (DAC) leave employees' personal information vulnerable to access by criminals. Also, the Department further exposes the card by its broad expansion of the card's function to turn it into a payment device, one that would be used several times a day in unsecured locations such as Metro train stations.

Beginning in May and through the end of the year, Homeland Security will issue the DAC to 40,000 of its 180,000 employees and contractors. The DAC is about the size of a credit card and will carry a digital copy of the cardholder's fingerprint as well as other information.  The Department requests $6 million for  the DAC program  in FY 2006, and each card costs about $8.50

Homeland Security has assumed that there will be some problems with the biometric identifier system on the DAC. The Department has a backup system built into the card-if the fingerprint identification fails, then the employee can gain access by using a 6- to 8- digit PIN. By allowing alternate access through the PIN, Homeland Security creates all of the vulnerabilities associated with allowing complete access to secure areas and information through one password. This is a significant security risk, as a criminal could bypass the biometric identification system by simply learning the PIN. Even without the PIN bypass there are risks to equipping the card with the power to access not only the Department of Homeland Security's resources, but also those of local, state and other federal government entities.

Department of Homeland Security's DAC site:

      https://dhscio.net/dhs_info_center.html

EPIC's Spotlight on Surveillance page:
      http://www.epic.org/privacy/surveillance/s...light/0405.html

EPIC's Biometrics page:

      http://www.epic.org/privacy/biometrics/


What privacy?
 
« Last Edit: April 07, 2005, 09:46:11 pm by Roy J. Tellason »
Logged
Member of the toughest, meanest, deadliest, most unrelenting -- and ablest -- form of life in this section of space,  a critter that can be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
--
Information is more dangerous than cannon to a society ruled by lies. --James M Dakin

NMC_EXP

  • Full Member
  • ***
  • Offline Offline
  • Posts: 188
Federal Smart ID Cards Come With Disruptions
« Reply #2 on: April 08, 2005, 04:44:11 am »

Also, the Department further exposes the card by its broad expansion of the card's function to turn it into a payment device

Cashless society here we come.
Logged
Come a day there won't be room for naughty men like us to slip about at all...So here is us, on the raggedy edge. Don't push me, and I won't push you.
~ Mal
Pages: [1]   Go Up